The GDPR replaces the 1995 EU Data Protection Directive, forcing every company around the globe to abide by strict rules when handling European subjects’ personal data. The regulations were adopted to protect EU residents and arm them with awareness about how companies use their information.
While GDPR addressed tech companies that have dealt with and make money off user data, like Facebook and Google, the expansive definition of “personal data” — everything from names and email addresses to biometrics and IP addresses — means that gaming companies have had to comply, too. And that has cost them time and money to avoid incurring fines.
This is good for gamers in the EU, who will have a much better idea what information is collected when they play, buy products or use services. Game enthusiasts outside Europe will benefit, too, as some organizations, like Razer, treat the GDPR as a privacy bellwether and adopted it globally.
Google is speeding up the closure of its unpopular social networking platform after discovering a new bug affecting over 52 million users.
The tech giant announced in October that it would be shutting Google+ in August 2019. However, that date has been brought forward to April next year, while its APIs will disappear “within the next 90 days,” according to G Suite product management VP, David Thacker.
The reason appears to be a newly discovered vulnerability in the API which the firm says impacts roughly 52.5 million users.
“With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile — like their name, email address, occupation, age — were granted permission to view profile information about that user even when set to not-public,” Thacker explained.
Reports suggest that as many as 2800 girl scouts in Orange County may have been affected in an incident which lasted just a day.
Is your organization GDPR compliant? Find out more about the Certified Data Protection Officer trainingAffected information could include names, email and home addresses, driver’s license details, insurance policy numbers and health history information.
Those hit by the breach were contacted last week.
They were told that the attack began on September 30 when an unauthorized third party gained access to an official Girl Scouts Orange County Travel email account, which was used to “send emails to others” — presumably phishing emails.
The London-based airline, the largest in the UK, did not disclose much about the breach, only that hackers stole customer data from its website, ba.com.
In a statement, BA said that the “personal and financial details” of customers who made bookings on BA’s site or app between August 21 and September 5 were compromised, but travel or passport information was not taken.
A spokesperson told TechCrunch that “around 380,000 card payments” were compromised. BA had more than 45 million passengers last year. “The breach has been resolved and our website is working normally,” the company said in a statement
Everyone will be given sweeping new powers to see what tech companies know about them and have it deleted, under a new bill.
UK’s Data Protection Bill will make it far more easy for people to find out how companies are using their personal details, including their browsing history and even their DNA. And once they’ve seen it, it will also greatly increase the “right to be forgotten” – allowing people to make those companies delete that most personal of information.
The bill is intended partly to allow people to escape from their internet history when they become an adult, since companies like Facebook and Google will have to scrub everything that they posted when they were a child.
Companies that won’t comply could be fined millions of pounds.
RELATED: UK’s new Data Protection Bill, incorporating GDPR, expected in September
As well as giving people far more power in how their information is handled, it will also make companies be more up front about how it is collected. Companies won’t be able to trick their customers by using pre-selected tick boxes that opt into tracking, for instance, and people will instead have to give their explicit consent.
The legislation will:
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Expand the definition of personal data to include IP addresses, internet cookies and DNA
- Make it easier and free for individuals to require an organisation reveal the personal data it holds on them
- Create new criminal offences to deter organisations from intentionally or recklessly creating situations where someone could be identified from anonymised data
The legislation will bring the European Union’s General Data Protection Regulation (GDPR) into domestic law, helping Britain prepare for Brexit because it will mean the systems are aligned when the UK leaves the bloc.